Amidst the pandemic, the Financial services sector has experienced more cyberattacks than any other. Time to buckle up, says this expert.

When it comes to cyberattacks, no industry is safe—but the financial services sector is increasingly becoming a primary target for cybercriminals.

According to some research, the sector experienced up to 300 times as many cyberattacks per year as those in other industries. This challenge is now exacerbated as cybercriminals become even more determined and sophisticated in their attack methods.

In Singapore, 64% of financial services organizations witnessed significantly more sophisticated cyberattacks over the last 12 months, while 62% had seen more than a 50% increase in attack frequency, based on recent research we conducted.

The dramatic advancement of attacks against the financial industry can be attributed to three key factors: First, the COVID-19 pandemic has forced many employees to work remotely, further widening the attack surface and creating easier targets. Second, cybercrime syndicates have in recent years been adopting newer attack methodologies that traditional cybersecurity controls cannot defend against. Lastly, cybercriminals are, in some cases, being seen as patriots by their respective nations and acting as nefarious “cyber Robin Hoods”.

Banking on COVID-19

According to our recent data, cyberattacks against the financial services sector have increased by 238% from February to April 2020, amid the pandemic. Cybercriminals often work to exploit fear and uncertainty during major world events, and the pandemic is no exception.

In fact, notable spikes in attacks can also be correlated to key days in the COVID-19 news cycles. On February 29, 2020 there was a 66% spike in attacks over baseline levels when multiple states in the US declared COVID-19 a public health emergency. When the World Health Organization declared COVID-19 a pandemic on March 11, 2020, there was a 22% spike in attacks. This suggests attackers are opportunistic and leverage breaking news to take advantage of vulnerable populations.

Attackers have been using the pandemic climate to launch watering hole attacks, spear phishing attacks, application attacks and ransomware. As unemployment rates increase and recessions prevail, this can be increasingly damaging to the global economic landscape. It is clear the attackers are not slowing down, making it more important to understand their motivations.

Follow the money trail

Financial institutions have reported that cybercriminals are becoming more sophisticated, in that they leverage highly-targeted social engineering attacks and advanced procedures for hiding malicious activity.

The criminals’ goal is to exploit weaknesses in people, processes and technology in order to infiltrate the network and gain the ability to transfer funds and withdraw sensitive data.

While social engineering is still very prevalent, there has been a shift away from spear phishing toward island-hopping—a tactic where attackers try to gain a foothold of one organization to then jump to additional targets. The modern cybercriminal understands that it is more lucrative to island-hop from the bank’s environment in order to attack its customers, which is why there are a variety of island-hopping attacks seen today.

In fact, island-hopping has more than tripled in attack frequency and is now the most commonly-experienced attack in Singapore. In the financial services sector, the reverse business email compromise is equally prevalent. These attacks occur when a hacker successfully takes over a victim’s email server and executes fileless malware attacks against members of the organization as well as their Board. As more employees are working from home, network security can be more easily compromised, so such attacks have become much easier to execute successfully.

Another common cybercriminal tactic seen today is watering-hole attacks, which today makes up one in every five attacks on financial institutions. In these cases, hackers target and hijack a website frequently visited by partners or customers of the organization they are trying to breach. This tactic is increasing as cybercriminals recognize the implicit trust consumers have in bank brands.

Hackers aim to identify popular websites where people are looking to gain information from. In today’s uncertain economic situation, many people are looking to financial institutions to help them through trying times, and unfortunately hackers are taking advantage of that.

If you cannot steal it, destroy it

Cybercriminals are escalating their attacks as they fight back to maintain persistence. Their strategy seems to be, ‘if it cannot be stolen, it will be destroyed’—similar to burning a house down if one fails to pillage it.

Increasingly, destructive attacks are also being leveraged as ‘counter incident-response techniques’. Trust and confidence can be undermined as cybercriminals appreciate that it is more valuable to commandeer the digital transformation efforts of a financial institution than to target its customers directly.

To battle against this, financial institutions must conduct regular cyberthreat hunting exercises to root out any persistent attacker that might already be in the organization. A shift to an intrinsic security model must occur—one where security is built in and not bolted onto the enterprise.

To mitigate the modern bank heist, security teams must integrate security controls, microsegment, employ just-in-time authentication and modernize their endpoint security controls.

As the global health crisis continues, it is clear attackers will continue to target vulnerable populations and organizations, with an eye on finance services. Increased vigilance and visibility into enterprise-wide endpoint activity are more paramount than ever.

Cybersecurity in this sector is now also a brand-protection imperative, and the trust and confidence in the safety and soundness of every financial institution will depend on it.